Please read the following information carefully. This privacy notice contains information about what personal data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
WHO WE ARE
Ascertus Limited collects, uses and is responsible for personal information about our customers. When we do this we are the ‘controller’ of this information for the purposes of the UK GDPR, the General Data Protection Regulation and other applicable data protection laws.
We may also process personal data on behalf of our customers regarding their clients. When we do this we are a ‘Data Processor’.
Ascertus Limited is registered at Companies House, the United Kingdom’s registrar of companies. Our registration number is 08893788. Our registered address is c/o Naylor Accountancy Services Ltd, Unit B12, Pine Grove Enterprise Centre, Pine Grove, Crowborough, East Sussex, TN6 1DH, United Kingdom. We do not have any offices outside of the United Kingdom.
Ascertus Limited operate out of Mercury House, 117 Waterloo Road, London, SE1 8UL, United Kingdom.
Our Data Protection contact is Ceri Russell, Operations Manager.
Responsibility for Data Protection at Ascertus Limited
Ascertus Limited does not meet the criteria of the mandatory appointing of a Data Protection Officer and the Directors (Roy Russell, MD and Jon Wainwright, Sales Director) take full responsibility for Data Protection within the Company.
WHAT DO WE DO WITH YOUR INFORMATION?
Information collected by us
When carrying out the marketing and supply of our contractual duties including (but not limited to) consultancy, support, hosting and software implementation services, we collect the following personal information that you provide to us:
- Full name
- Business email
- Business phone number
Cookies and tracking technologies
We may use various technologies to collect and store information when you use our services and this may include using cookies and similar tracking technologies, such as pixels and beacons. For example, we may use web beacons in the emails we send. These web beacons track certain behaviour such as whether the email sent through the services was delivered and opened and whether links within emails were clicked. They also allow us to collect information such as the recipients IP address, browser, email client type and other related information.
We use this information to measure the performance of your email campaigns and to provide analytics information and enhance the effectiveness of our services. Reports are also available to us when we send email to you so we may collect and review that information.
Information collected during the recruitment process
When you apply for a job with us, we may process the personal data necessary to assess your suitability for the job you apply for. The data collected may include identity and contact details, previous experience, education and references. Depending on the stage of the recruiting process, other information may be required such as criminal records. This information is necessary for us to decide if we want to hire you and to enter into an employment contract with you.
If your application is unsuccessful, the data will be retained for 1 year from the end of the recruitment process so that we can inform you if any other suitable role comes up. Please note, you can ask us to remove this data at any time.
If the application is successful, the data, as well as additional human resources data, will be retained for at least the period of employment. In this case, your employee file will be retained for 6 years from the end of employment.
Information collected from other sources
We collect the following information from other relevant third parties such as your company’s website, Companies House, software partners, industry publications, industry events, LinkedIn and other publicly available databases.
- Full name
- Business email
- Business phone number
Information we may access on your behalf
In the course of the services we provide, you may require that we access your client data. This can include any or all of the personal data categories that you collect from your clients potentially including special category data.
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for the following purposes:
- To negotiate the agreed Statement of Work and signed contract between Ascertus Limited and your Company. (Your personal data)
- To provide information and marketing for events, products, publications and services where there is a legitimate interest. (Your personal data)
- To perform the services that you have contracted with us. (Your clients' personal data)
WHETHER INFORMATION HAS TO BE PROVIDED BY YOU, AND WHY?
This personal information (names and business contact details) must be provided by you to us, to enable us to fulfil our contractual obligations. When we collect information from you, we will inform you whether you are required to provide this information to us.
LEGAL REASONS WE COLLECT AND USE YOUR PERSONAL INFORMATION
We rely on the following legal bases for processing your information:
- Necessary for the performance of a contract.
- Necessary for the purpose of legitimate interests (pursuing the commercial aims and objectives of Ascertus Limited).
- Necessary for compliance with a legal obligation to which Ascertus is subject.
WHO WILL WE SHARE YOUR PERSONAL INFORMATION WITH?
We have relationships with a number of third parties that we may share names and business contact details with. For a list of these third parties please see contact us.
This data sharing enables us to meet contractual obligations including providing software licences, support services and some hosting services. It may, on occasion, also be used for legitimate interest purposes to keep you informed of events, articles, updates and products and services which may be of interest.
We will share personal information with law enforcement agencies if required by applicable law.
We will not share your personal information with any other third parties without your consent and we will never sell personal data.
TRANSFER OF YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
It may be necessary to transfer your personal information outside the UK or EEA or to an international organisation in order to obtain specific support information. A list of all third countries that your personal data may be transferred to can be requested.
These countries may not have same data protection laws as the United Kingdom and EEA. However any transfer will be subject to safeguards as permitted under the UK GDPR and the General Data Protection Regulation. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused. You are entitled to obtain a copy of the safeguards that have been made available to you.
Whenever a cross-border data transfer is required to meet our contracted services we will ensure that either a) the destination is deemed adequate by the EU or b) Standard Contractual Clauses are in place. Where the destination jurisdiction have far reaching surveillance laws or do not offer adequate data subject rights we will ensure the appropriate supplemental measures are in place.
If you would like any further information please contact us (see ‘Get in touch’ below).
HOW LONG WILL WE STORE YOUR PERSONAL DATA?
Personal data obtained and processed in relation to a contractual obligation will be stored until the contract has ended; at which point the data will be archived to allow for continuity and context should a new contract be raised or any queries or legal matters arise in future. Archived data will be retained for a further seven years starting from the termination date (not notice date) of any contract.
Under the UK GDPR and the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.
If you want to exercise any of these rights, please:
- Email firstname.lastname@example.org, call +44 (0) 20 3126 4960 or write to us at: Ascertus Limited c/o Naylor Accountancy Services Ltd, Unit B12, Pine Grove Enterprise Centre, Pine Grove, Crowborough, East Sussex, TN6 1DH, United Kingdom.
- We may need to contact you to request further information to verify your identity;
- State the right or rights that you wish to exercise;
- We will respond to you within one month from when we receive your request.
Please note if you wish to unsubscribe from any email you can do so by following the link in the email or email email@example.com. It may take up to five days for this to become effective.
HOW TO MAKE A COMPLAINT
We hope that you are happy with our service and that we can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).
The UK GDPR and the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
Ascertus have deployed appropriate technical and organisational measures including strict policies governing information technology and data handling. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage, back up, transmission standards and environment integrity. Ascertus will use reasonable endeavours to install and have appropriate security measures in place in our facilities to protect against the loss, misuse or alteration of information that we have collected from you.
All personal data stored by Ascertus will reside on equipment located in the UK or EU.
If you would like further details please contact Ceri Russell.
We will not process your personal data for any reason other than stated within this privacy notice. If this changes, we will inform you by email.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 25th May 2018 and will be reviewed periodically in line with updated guidance and legislation changes.
We constantly review our internal privacy practices and may change this policy from time to time.
GET IN TOUCH
If you have any questions about this privacy notice or the information we hold about you, please contact us via firstname.lastname@example.org or +44 (0) 20 3126 4960.
If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us (see ‘Get in touch’ above).